Naoise Ó Cearúil (Kildare North, Fianna Fail)
Link to this: Individually | In context

360. To ask the Minister for Education and Skills to confirm if any staff devices (laptops, phones, USBs) containing departmental information or sensitive data were reported lost or stolen in the past five years; the number of devices reported; the data risk involved; and the associated cost of mitigation. [54384/25]

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and any personal data breaches, including lost or stolen laptops and mobile phones, since its introduction are dealt with under the regulation and the Data Protection Act 2018.

My Department is committed to the highest level of data protection for the personal data which it processes and takes its compliance with data protection obligations very seriously.

My Department's laptops are encrypted, and multifactor authentication has been deployed to protect user accounts from compromise. In addition to this the user’s password is reset as a security measure after a device loss incident.

My Department's phones are encrypted natively and are managed by a mobile device management system (MDM). The MDM system enables the device and the data therein to be controlled and secured. When a phone is reported lost or stolen a remote wipe command is issued to the phone to ensure that any sensitive data stored on the devices is securely erased in order to protect the data and prevent potential data breaches.

As soon as the device is lost or stolen the staff member notifies the relevant sections within my Department. The device is then wiped remotely, the breach is recorded locally, and the staff member is issued additional data breach training . This training is issued on top of mandatory GDPR training that is issued to all staff as part of their induction training. My Department's staff are also reminded of their obligations through updates by email and newsletters, there are also resources available on my Department's intranet site including its data protection policy.

The table below outlines the number of lost or stolen devices since my Department's establishment in August 2020 to 7/10/2025.